SlideShare a Scribd company logo

Rest api standards and best practices

Download as PPSX, PDF
Ankita Mahajan
Ankita Mahajan

REST web service development guidelines and best practices. An introduction to guidelines and best practices for developing REST API or web services.

Technology
1 of 19
REST WEB SERVICE DEVELOPMENT GUIDELINES AND BEST PRACTICES PRESENTED BY: ANKITA MAHAJAN
OBJECTIVE This presentation gives an overview of best practices and guidelines for creating a rest service or for developing a rest service framework, over HTTP. These conventions are also helpful for rest services consumers.
NAMING AND URI CONVENTIONS API VERSIONING AND CATALOG COLLECTION RESOURCE ERROR RESPONSE ENTITY REFERENCES INTRODUCTION A G E N D A RESPONSE STATUS CODES SINGULAR RESOURCE
INTRODUCTION REST Constraints Client-Server Stateless Cacheable Uniform Interface Layered System Code on Demand (optional) • REST: Representational State Transfer • REST CONSTRAINTS • BASIC TERMINOLOGY: • Resource • Collection • Instance/Singular • REST API or service • Resource Identifier • Root resource • Sub-resource
BEHAVIOR • Behavior: HTTP methods • GET • POST • PUT • DELETE • HEAD • PATCH • Behavior should be implemented based on CRUD, unless there’s a specific requirement otherwise. • Coarse-grained approach for data • Media type or Data format of response: Client should be able to parse response • application/json • application/xml
NAMING CONVENTIONS • SEMANTICALLY PRECISE • LOWER CAMEL CASE • SHOULD NOT CONTAIN:  UNDERSCORES  HYPHENS  NUMBERS • Date/Time: UTC should be used, following ISO:8601 date/time standard • Collection resource names should be PLURAL NOUNS (not verbs) • Ex) /service/api/v1/departments/12/shelves/34/products
RESOURCE URI • Collection resource: /[context/]version/resourceName • Ex: /store/api/1.2/employees • Singular resource: /[context/]version/resourceName/resourceId • Ex: /store/api/1.2/employees/2 • Child resource: rootResourceUri/childResourceName • Ex: /store/api/1.2/employees/2/feedbacks • Query Parameters: /resourceName?queryParam1=val1&queryParam2=val • Ex: /store/api/1.2/employees?department=20&experience=5
API VERSIONING • Clients should know desired version no. • Multiple API versions can exist simultaneously. • It should be possible to find out current/latest version GET /store/api HTTP/1.1 Host: grocers.com:7001 HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { [ "v1": { "canonicalLink": "/store/api/v1" }, "v2": { "canonicalLink": "/store/api/v2" } ], "canonicalLink": "/school/api" }
RESOURCE INDEX/CATALOG • A list of all resources available in the API. • Must include all root resources. • Separate catalog for each version. Response: HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { “employees": { "canonicalLink": "/store/api/v1/employees" }, “customers": { "canonicalLink": "/store/api/v1/customers" }, "capabilities": { “cashAccepted": true, “cardAccepted": true }, "canonicalLink": "/store/api/v1" } Request: GET /store/api/v1 HTTP/1.1 Host: grocers.com:7001
GET SINGULAR RESOURCE • Use GET HTTP method to fetch response, based on accept header. • Accept header: application/JSON or application/XML GET /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Accept: application/json HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { "id": "12", "name": “Nutella 300g", "price": “100", “category“: “spreads“, "canonicalLink": "/store/api/v1/products/12" } GET /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Accept: application/xml HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/xml <?xml version="1.0" encoding="UTF-8"?> <resource> <id>12</id> <name>Nutella 300g</name> <price>100</price> <category>spreads</category> <canonicalLink>/store/api/v1/products/12</can onicalLink> </resource>
CREATE SINGULAR RESOURCE • Use POST HTTP method targeting a collection resource URL. • Response MUST contain new resource’s URI in Location response header. • Response MAY contain the following in response body : • The newly created resource • A generic acknowledgement with entity id and/or URL of the new resource Response: HTTP/1.1 201 Created Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json Location: https://grocers.com:7001/store/api/v1/products/12 { “msg”: “Product created successfully”, "id": "12", "canonicalLink": "/store/api/v1/products/12" } Request: POST /store/api/v1/products HTTP/1.1 Host: grocers.com:7001 Content-Type: application/json { "name": “Nutella 300g", "price": “100", “category“: “spreads“ }
FULL UPDATE SINGULAR RESOURCE • Use PUT method targeting the singular resource, for “full” update • As per HTTP specification, the full resource representation should be provided in the PUT request body • Read-only fields like “id” and “canonicalLink” in request body should be ignored by API Response HTTP/1.1 204 No content Date: Thu, 26 May 2016 07:13:00 GMT OR HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT { “msg”: “Product updated”, “id”:12, "canonicalLink": "/store/api/v1/products/12" } Request PUT /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Content-Type: application/json { "id": "12", "name": “Nutella 300g", "price": “200", “category“: “spreads“, "canonicalLink": "/store/api/v1/products/12" }
PARTIAL UPDATE SINGULAR RESOURCE • Use PATCH method along with a “patch document” • Service SHOULD allow client to update only required attributes of a resource • Patch-document specification: • XML Patch [RFC5261] • JSON Patch (draft-ietf-appsawg-json-patch) HTTP/1.1 204 No content Date: Thu, 26 May 2016 07:13:00 GMT OR HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT { “msg”: “Product price and category updated”, “id”:12, "canonicalLink": "/store/api/v1/products/12" } PATCH /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 { "price": "300", "category": "" } OR To avoid HTTP proxy issues with PATCH, use: POST /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 X-HTTP-Method-Override: PATCH
GET COLLECTION RESOURCE • API MUST return all default attributes of child resources along with their canonical links. • Based on performance or scalability requirements, paging and/or filtering MAY be supported to return a subset of child resources. HTTP/1.1 200 OK Date: Fri, 03 June 2016 07:32:00 GMT Content-Type: application/json { "items": [{ "id": "12", "name": “Nutella 300", "canonicalLink": “/store/api/v1/products/12" },{ "id": 35", "name": “Fruit Loops", "canonicalLink": “/store/api/v1/products/35" }], "canonicalLink": "/store/api/v1/products“ } GET /store/api/v1/products HTTP/1.1 Host: grocers.com:7001 Accept: application/json
COLLECTION RESOURCE PAGING • Paging is used to retrieve a subset of collection items based on two request query parameters: offset and limit • To get the next/previous page, query the next/previous link • hasMore specifies if there are subsequent elements to be retrieved HTTP/1.1 200 OK Date: Fri, 03 June 2016 07:32:00 GMT Content-Type: application/json { "items": [{ "id": “11", "name": “Taj Mahal tea", "canonicalLink": “/store/api/v1/products/11" },{ "id": 12", "name": “Nutella 300", "canonicalLink": “/store/api/v1/products/12" } ], "hasMore": true, "canonicalLink": "/store/api/v1/products", "selfLink": "/store/api/v1/products?offset=10&limit=2", "previousLink": "/store/api/v1/products?offset=8&limit=2", "nextLink": "/store/api/v1/products?offset=12&limit=2" } GET /store/api/v1/products?offset=10& limit=2 HTTP/1.1 Host: grocers.com:7001 Accept: application/json
RESPONSE STATUS CODES • Each HTTP response contains a status code which signifies the result of the HTTP request. The following should be supported: • 200: OK. Response for successful GET, PATCH, PUT, DELETE • 201: Created. Response for successful POST • 204: No Content. Request successfully executed & response doesn't have content • 400: Bad Request. Invalid parameters, parameter values or data format • 404: Resource not found. Invalid URL/resource • 500: Internal server error • The entire list of HTTP status codes can be found on httpStatuses.com
RESPONSE ERROR ENTITY • In case of a any error or validation failure a special response should be used. • An error entity should only have descriptive error details relevant for client. • Response should never have stack trace, internal code or file paths. HTTP/1.1 400 Bad Request Date: Mon, 10 Jun 2016 11:32:12 GMT Content-Type: application/json { "httpStatusCode": 400, "httpMessage": "Bad Request ", “errorTitle":”Invalid instance id” "errorCode": "errorcode:invalid:id", "errorDetail": “The requested product does not exist“, “moreInfo “: “http://www.grocers.com/errors/400/product" } GET /store/api/v1/products/6000 HTTP/1.1 Host: grocers.com:7001 Accept: application/json
REFERENCES • Architectural styles and the design of network-based software architectures, PhD Dissertation, Thomas Fielding, http://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation .pdf
THANK YOU

Recommended

Rest API
Rest APIRest API
Rest APIRohana K Amarakoon
 
Understanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsUnderstanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsTessa Mero
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST APIAniruddh Bhilvare
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0Fabrizio Ferri-Benedetti
 
What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaWhat is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaEdureka!
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUDPrem Sanil
 
RESTful API - Best Practices
RESTful API - Best PracticesRESTful API - Best Practices
RESTful API - Best PracticesTricode (part of Dept)
 

Recommended

Rest API
Rest APIRest API
Rest APIRohana K Amarakoon
 
Understanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsUnderstanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsTessa Mero
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST APIAniruddh Bhilvare
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0Fabrizio Ferri-Benedetti
 
What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaWhat is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaEdureka!
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUDPrem Sanil
 
RESTful API - Best Practices
RESTful API - Best PracticesRESTful API - Best Practices
RESTful API - Best PracticesTricode (part of Dept)
 
Api Testing
Api TestingApi Testing
Api TestingVishwanath KC
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding RESTNitin Pande
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developersPatrick Savalle
 
Introduction to REST - API
Introduction to REST - APIIntroduction to REST - API
Introduction to REST - APIChetan Gadodia
 
RESTful Web Services
RESTful Web ServicesRESTful Web Services
RESTful Web ServicesChristopher Bartling
 
REST-API overview / concepts
REST-API overview / conceptsREST-API overview / concepts
REST-API overview / conceptsPatrick Savalle
 
Restful api design
Restful api designRestful api design
Restful api designMizan Riqzia
 
02 api gateway
02 api gateway02 api gateway
02 api gatewayJanani Velmurugan
 
REST API
REST APIREST API
REST APITofazzal Ahmed
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture Nadeesha Gamage
 
API
APIAPI
APIMasters Academy
 
Soap vs rest
Soap vs restSoap vs rest
Soap vs restAntonio Severien
 
Api testing
Api testingApi testing
Api testingHamzaMajid13
 
Highlights of WSO2 API Manager 4.0.0
Highlights of WSO2 API Manager 4.0.0Highlights of WSO2 API Manager 4.0.0
Highlights of WSO2 API Manager 4.0.0WSO2
 
Introducing Swagger
Introducing SwaggerIntroducing Swagger
Introducing SwaggerTony Tam
 
API Test Automation
API Test Automation API Test Automation
API Test Automation SQALab
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security LifecycleApigee | Google Cloud
 
ASP.NET Web API
ASP.NET Web APIASP.NET Web API
ASP.NET Web APIhabib_786
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
 
Building Your First App with MongoDB
Building Your First App with MongoDBBuilding Your First App with MongoDB
Building Your First App with MongoDBMongoDB
 

More Related Content

What's hot

Understanding REST
Understanding RESTUnderstanding REST
Understanding RESTNitin Pande
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developersPatrick Savalle
 
Introduction to REST - API
Introduction to REST - APIIntroduction to REST - API
Introduction to REST - APIChetan Gadodia
 
REST-API overview / concepts
REST-API overview / conceptsREST-API overview / concepts
REST-API overview / conceptsPatrick Savalle
 
Restful api design
Restful api designRestful api design
Restful api designMizan Riqzia
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture Nadeesha Gamage
 
Highlights of WSO2 API Manager 4.0.0
Highlights of WSO2 API Manager 4.0.0Highlights of WSO2 API Manager 4.0.0
Highlights of WSO2 API Manager 4.0.0WSO2
 
Introducing Swagger
Introducing SwaggerIntroducing Swagger
Introducing SwaggerTony Tam
 
API Test Automation
API Test Automation API Test Automation
API Test Automation SQALab
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
ASP.NET Web API
ASP.NET Web APIASP.NET Web API
ASP.NET Web APIhabib_786
 

What's hot (20)

Api Testing
Api TestingApi Testing
Api Testing
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding REST
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
 
Introduction to REST - API
Introduction to REST - APIIntroduction to REST - API
Introduction to REST - API
 
RESTful Web Services
RESTful Web ServicesRESTful Web Services
RESTful Web Services
 
REST-API overview / concepts
REST-API overview / conceptsREST-API overview / concepts
REST-API overview / concepts
 
Restful api design
Restful api designRestful api design
Restful api design
 
02 api gateway
02 api gateway02 api gateway
02 api gateway
 
REST API
REST APIREST API
REST API
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
 
API
APIAPI
API
 
Soap vs rest
Soap vs restSoap vs rest
Soap vs rest
 
Api testing
Api testingApi testing
Api testing
 
Highlights of WSO2 API Manager 4.0.0
Highlights of WSO2 API Manager 4.0.0Highlights of WSO2 API Manager 4.0.0
Highlights of WSO2 API Manager 4.0.0
 
Introducing Swagger
Introducing SwaggerIntroducing Swagger
Introducing Swagger
 
API Test Automation
API Test Automation API Test Automation
API Test Automation
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security Lifecycle
 
ASP.NET Web API
ASP.NET Web APIASP.NET Web API
ASP.NET Web API
 

Similar to Rest api standards and best practices

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
 
Building Your First App with MongoDB
Building Your First App with MongoDBBuilding Your First App with MongoDB
Building Your First App with MongoDBMongoDB
 
Integrate MongoDB & SQL data with a single REST API
Integrate MongoDB & SQL data with a single REST APIIntegrate MongoDB & SQL data with a single REST API
Integrate MongoDB & SQL data with a single REST APIEspresso Logic
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated developmentJonathan LeBlanc
 
Build an API the right way
Build an API the right wayBuild an API the right way
Build an API the right waySoftware Guru
 
Building an Api the Right Way
Building an Api the Right WayBuilding an Api the Right Way
Building an Api the Right WayIcalia Labs
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API DesignOCTO Technology
 
Lies you have been told about REST
Lies you have been told about RESTLies you have been told about REST
Lies you have been told about RESTdarrelmiller71
 
Nordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API DocumentationNordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API DocumentationRouven Weßling
 
Rest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsRest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsCarol McDonald
 
Introduction to CloudStack API
Introduction to CloudStack APIIntroduction to CloudStack API
Introduction to CloudStack APIKrunal Jain
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsWSO2
 
REST API 20.2 - Appworks Gateway Integration.pptx
REST API 20.2 - Appworks Gateway Integration.pptxREST API 20.2 - Appworks Gateway Integration.pptx
REST API 20.2 - Appworks Gateway Integration.pptxJason452803
 

Similar to Rest api standards and best practices (20)

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
Building Your First App with MongoDB
Building Your First App with MongoDBBuilding Your First App with MongoDB
Building Your First App with MongoDB
 
Integrate MongoDB & SQL data with a single REST API
Integrate MongoDB & SQL data with a single REST APIIntegrate MongoDB & SQL data with a single REST API
Integrate MongoDB & SQL data with a single REST API
 
API gateway setup
API gateway setupAPI gateway setup
API gateway setup
 
Web api
Web apiWeb api
Web api
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated development
 
Build an API the right way
Build an API the right wayBuild an API the right way
Build an API the right way
 
Building an Api the Right Way
Building an Api the Right WayBuilding an Api the Right Way
Building an Api the Right Way
 
Doing REST Right
Doing REST RightDoing REST Right
Doing REST Right
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API Design
 
Lies you have been told about REST
Lies you have been told about RESTLies you have been told about REST
Lies you have been told about REST
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
 
Nordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API DocumentationNordic APIs - Automatic Testing of (RESTful) API Documentation
Nordic APIs - Automatic Testing of (RESTful) API Documentation
 
Consumer-centric API Design
Consumer-centric API DesignConsumer-centric API Design
Consumer-centric API Design
 
REST APIs
REST APIsREST APIs
REST APIs
 
Rest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsRest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.js
 
Rest
RestRest
Rest
 
Introduction to CloudStack API
Introduction to CloudStack APIIntroduction to CloudStack API
Introduction to CloudStack API
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile Environments
 
REST API 20.2 - Appworks Gateway Integration.pptx
REST API 20.2 - Appworks Gateway Integration.pptxREST API 20.2 - Appworks Gateway Integration.pptx
REST API 20.2 - Appworks Gateway Integration.pptx
 

More from Ankita Mahajan

Understanding Goods & Services Tax (GST), India
Understanding Goods & Services Tax (GST), IndiaUnderstanding Goods & Services Tax (GST), India
Understanding Goods & Services Tax (GST), IndiaAnkita Mahajan
 
Introduction to Data Center Network Architecture
Introduction to Data Center Network ArchitectureIntroduction to Data Center Network Architecture
Introduction to Data Center Network ArchitectureAnkita Mahajan
 
Virtualization in 4-4 1-4 Data Center Network.
Virtualization in 4-4 1-4 Data Center Network.Virtualization in 4-4 1-4 Data Center Network.
Virtualization in 4-4 1-4 Data Center Network.Ankita Mahajan
 
FATTREE: A scalable Commodity Data Center Network Architecture
FATTREE: A scalable Commodity Data Center Network ArchitectureFATTREE: A scalable Commodity Data Center Network Architecture
FATTREE: A scalable Commodity Data Center Network ArchitectureAnkita Mahajan
 
IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6Ankita Mahajan
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingAnkita Mahajan
 
VL2: A scalable and flexible Data Center Network
VL2: A scalable and flexible Data Center NetworkVL2: A scalable and flexible Data Center Network
VL2: A scalable and flexible Data Center NetworkAnkita Mahajan
 

More from Ankita Mahajan (8)

Eye training
Eye trainingEye training
Eye training
 
Understanding Goods & Services Tax (GST), India
Understanding Goods & Services Tax (GST), IndiaUnderstanding Goods & Services Tax (GST), India
Understanding Goods & Services Tax (GST), India
 
Introduction to Data Center Network Architecture
Introduction to Data Center Network ArchitectureIntroduction to Data Center Network Architecture
Introduction to Data Center Network Architecture
 
Virtualization in 4-4 1-4 Data Center Network.
Virtualization in 4-4 1-4 Data Center Network.Virtualization in 4-4 1-4 Data Center Network.
Virtualization in 4-4 1-4 Data Center Network.
 
FATTREE: A scalable Commodity Data Center Network Architecture
FATTREE: A scalable Commodity Data Center Network ArchitectureFATTREE: A scalable Commodity Data Center Network Architecture
FATTREE: A scalable Commodity Data Center Network Architecture
 
IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6IPv6: Internet Protocol version 6
IPv6: Internet Protocol version 6
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined Networking
 
VL2: A scalable and flexible Data Center Network
VL2: A scalable and flexible Data Center NetworkVL2: A scalable and flexible Data Center Network
VL2: A scalable and flexible Data Center Network
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Rest api standards and best practices

  • 1. REST WEB SERVICE DEVELOPMENT GUIDELINES AND BEST PRACTICES PRESENTED BY: ANKITA MAHAJAN
  • 2. OBJECTIVE This presentation gives an overview of best practices and guidelines for creating a rest service or for developing a rest service framework, over HTTP. These conventions are also helpful for rest services consumers.
  • 3. NAMING AND URI CONVENTIONS API VERSIONING AND CATALOG COLLECTION RESOURCE ERROR RESPONSE ENTITY REFERENCES INTRODUCTION A G E N D A RESPONSE STATUS CODES SINGULAR RESOURCE
  • 4. INTRODUCTION REST Constraints Client-Server Stateless Cacheable Uniform Interface Layered System Code on Demand (optional) • REST: Representational State Transfer • REST CONSTRAINTS • BASIC TERMINOLOGY: • Resource • Collection • Instance/Singular • REST API or service • Resource Identifier • Root resource • Sub-resource
  • 5. BEHAVIOR • Behavior: HTTP methods • GET • POST • PUT • DELETE • HEAD • PATCH • Behavior should be implemented based on CRUD, unless there’s a specific requirement otherwise. • Coarse-grained approach for data • Media type or Data format of response: Client should be able to parse response • application/json • application/xml
  • 6. NAMING CONVENTIONS • SEMANTICALLY PRECISE • LOWER CAMEL CASE • SHOULD NOT CONTAIN:  UNDERSCORES  HYPHENS  NUMBERS • Date/Time: UTC should be used, following ISO:8601 date/time standard • Collection resource names should be PLURAL NOUNS (not verbs) • Ex) /service/api/v1/departments/12/shelves/34/products
  • 7. RESOURCE URI • Collection resource: /[context/]version/resourceName • Ex: /store/api/1.2/employees • Singular resource: /[context/]version/resourceName/resourceId • Ex: /store/api/1.2/employees/2 • Child resource: rootResourceUri/childResourceName • Ex: /store/api/1.2/employees/2/feedbacks • Query Parameters: /resourceName?queryParam1=val1&queryParam2=val • Ex: /store/api/1.2/employees?department=20&experience=5
  • 8. API VERSIONING • Clients should know desired version no. • Multiple API versions can exist simultaneously. • It should be possible to find out current/latest version GET /store/api HTTP/1.1 Host: grocers.com:7001 HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { [ "v1": { "canonicalLink": "/store/api/v1" }, "v2": { "canonicalLink": "/store/api/v2" } ], "canonicalLink": "/school/api" }
  • 9. RESOURCE INDEX/CATALOG • A list of all resources available in the API. • Must include all root resources. • Separate catalog for each version. Response: HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { “employees": { "canonicalLink": "/store/api/v1/employees" }, “customers": { "canonicalLink": "/store/api/v1/customers" }, "capabilities": { “cashAccepted": true, “cardAccepted": true }, "canonicalLink": "/store/api/v1" } Request: GET /store/api/v1 HTTP/1.1 Host: grocers.com:7001
  • 10. GET SINGULAR RESOURCE • Use GET HTTP method to fetch response, based on accept header. • Accept header: application/JSON or application/XML GET /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Accept: application/json HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json { "id": "12", "name": “Nutella 300g", "price": “100", “category“: “spreads“, "canonicalLink": "/store/api/v1/products/12" } GET /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Accept: application/xml HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/xml <?xml version="1.0" encoding="UTF-8"?> <resource> <id>12</id> <name>Nutella 300g</name> <price>100</price> <category>spreads</category> <canonicalLink>/store/api/v1/products/12</can onicalLink> </resource>
  • 11. CREATE SINGULAR RESOURCE • Use POST HTTP method targeting a collection resource URL. • Response MUST contain new resource’s URI in Location response header. • Response MAY contain the following in response body : • The newly created resource • A generic acknowledgement with entity id and/or URL of the new resource Response: HTTP/1.1 201 Created Date: Thu, 26 May 2016 07:13:00 GMT Content-Type: application/json Location: https://grocers.com:7001/store/api/v1/products/12 { “msg”: “Product created successfully”, "id": "12", "canonicalLink": "/store/api/v1/products/12" } Request: POST /store/api/v1/products HTTP/1.1 Host: grocers.com:7001 Content-Type: application/json { "name": “Nutella 300g", "price": “100", “category“: “spreads“ }
  • 12. FULL UPDATE SINGULAR RESOURCE • Use PUT method targeting the singular resource, for “full” update • As per HTTP specification, the full resource representation should be provided in the PUT request body • Read-only fields like “id” and “canonicalLink” in request body should be ignored by API Response HTTP/1.1 204 No content Date: Thu, 26 May 2016 07:13:00 GMT OR HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT { “msg”: “Product updated”, “id”:12, "canonicalLink": "/store/api/v1/products/12" } Request PUT /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 Content-Type: application/json { "id": "12", "name": “Nutella 300g", "price": “200", “category“: “spreads“, "canonicalLink": "/store/api/v1/products/12" }
  • 13. PARTIAL UPDATE SINGULAR RESOURCE • Use PATCH method along with a “patch document” • Service SHOULD allow client to update only required attributes of a resource • Patch-document specification: • XML Patch [RFC5261] • JSON Patch (draft-ietf-appsawg-json-patch) HTTP/1.1 204 No content Date: Thu, 26 May 2016 07:13:00 GMT OR HTTP/1.1 200 OK Date: Thu, 26 May 2016 07:13:00 GMT { “msg”: “Product price and category updated”, “id”:12, "canonicalLink": "/store/api/v1/products/12" } PATCH /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 { "price": "300", "category": "" } OR To avoid HTTP proxy issues with PATCH, use: POST /store/api/v1/products/12 HTTP/1.1 Host: grocers.com:7001 X-HTTP-Method-Override: PATCH
  • 14. GET COLLECTION RESOURCE • API MUST return all default attributes of child resources along with their canonical links. • Based on performance or scalability requirements, paging and/or filtering MAY be supported to return a subset of child resources. HTTP/1.1 200 OK Date: Fri, 03 June 2016 07:32:00 GMT Content-Type: application/json { "items": [{ "id": "12", "name": “Nutella 300", "canonicalLink": “/store/api/v1/products/12" },{ "id": 35", "name": “Fruit Loops", "canonicalLink": “/store/api/v1/products/35" }], "canonicalLink": "/store/api/v1/products“ } GET /store/api/v1/products HTTP/1.1 Host: grocers.com:7001 Accept: application/json
  • 15. COLLECTION RESOURCE PAGING • Paging is used to retrieve a subset of collection items based on two request query parameters: offset and limit • To get the next/previous page, query the next/previous link • hasMore specifies if there are subsequent elements to be retrieved HTTP/1.1 200 OK Date: Fri, 03 June 2016 07:32:00 GMT Content-Type: application/json { "items": [{ "id": “11", "name": “Taj Mahal tea", "canonicalLink": “/store/api/v1/products/11" },{ "id": 12", "name": “Nutella 300", "canonicalLink": “/store/api/v1/products/12" } ], "hasMore": true, "canonicalLink": "/store/api/v1/products", "selfLink": "/store/api/v1/products?offset=10&limit=2", "previousLink": "/store/api/v1/products?offset=8&limit=2", "nextLink": "/store/api/v1/products?offset=12&limit=2" } GET /store/api/v1/products?offset=10& limit=2 HTTP/1.1 Host: grocers.com:7001 Accept: application/json
  • 16. RESPONSE STATUS CODES • Each HTTP response contains a status code which signifies the result of the HTTP request. The following should be supported: • 200: OK. Response for successful GET, PATCH, PUT, DELETE • 201: Created. Response for successful POST • 204: No Content. Request successfully executed & response doesn't have content • 400: Bad Request. Invalid parameters, parameter values or data format • 404: Resource not found. Invalid URL/resource • 500: Internal server error • The entire list of HTTP status codes can be found on httpStatuses.com
  • 17. RESPONSE ERROR ENTITY • In case of a any error or validation failure a special response should be used. • An error entity should only have descriptive error details relevant for client. • Response should never have stack trace, internal code or file paths. HTTP/1.1 400 Bad Request Date: Mon, 10 Jun 2016 11:32:12 GMT Content-Type: application/json { "httpStatusCode": 400, "httpMessage": "Bad Request ", “errorTitle":”Invalid instance id” "errorCode": "errorcode:invalid:id", "errorDetail": “The requested product does not exist“, “moreInfo “: “http://www.grocers.com/errors/400/product" } GET /store/api/v1/products/6000 HTTP/1.1 Host: grocers.com:7001 Accept: application/json
  • 18. REFERENCES • Architectural styles and the design of network-based software architectures, PhD Dissertation, Thomas Fielding, http://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation .pdf

Editor's Notes

  1. Context is the application/api name Version is the api version, not resource version
  2. Service MAY return a response body